Information Security & Compliance Support Specialist
Job Description
Are you passionate about information security and compliance, particularly in the fast-paced world of start-ups and venture capital (VC) firms? We are seeking a dedicated Information Security and Compliance Support Specialist to join our dynamic team!
About the Role
As our Information Security and Compliance Support Specialist, you will play a vital role in creating, implementing, and enhancing effective information security and compliance frameworks tailored for our clients in the start-up and VC sectors. Your focus will be on developing efficient, audit-ready compliance programs that utilize integrated security solutions to drive success in dynamic environments.
What We Offer:
- Competitive pay
- Generous paid time off
- Full benefits packages (medical, dental, vision, 401K, and life insurance)
- Opportunities for growth
- Great company culture
A Successful Candidate:
- Takes initiative, is proactive, and is self-motivated;
- Strives for excellent communication with clients and team members;
- Thrives in the face of uncertainty, excited to create solutions;
- Is an excellent problem solver;
- Effectively communicates complex ideas or topics to a non-technical audience;
- Has a strong internal locus of control;
- Believes in consistent professional development and growth;
- Is highly likable; and
- Is well versed in all things InfoSec, compliance, and technology, with a wide breadth of knowledge across software, hardware, networking, and security disciplines.
Support & Troubleshooting:
- Guide start-up clients through the entire audit lifecycle, from readiness assessment and gap analysis to evidence collection and remediation, for frameworks like SOC 2 and ISO 27001.
- Perform security and compliance due diligence assessments on behalf of clients to evaluate the risk posture of potential investment targets.
- Monitor, triage, and respond to security alerts and events, with a focus on maintaining continuous compliance and addressing potential audit findings.
- Act as a first responder for security incidents, executing containment and investigation procedures that align with the client’s compliance and reporting obligations.
- Lead the security and compliance posture of clients' cloud, device management, and SaaS platforms by collaborating with IT Support to troubleshoot and remediate security or compliance issues.
- Provide comprehensive training and guidance to client teams on security best practices and their specific responsibilities within a compliance framework.
- Maintain proactive, clear, and regular communications with clients and internal stakeholders, providing status updates on audit readiness, active projects, and security posture.
- Actively contribute to the creation and refinement of reusable compliance documentation, policy templates, and Standard Operating Procedures (SOPs) tailored for early-stage companies.
- Liaise effectively with security and compliance automation platform vendors (e.g., Vanta) and external auditors on behalf of clients.
Implementation & Maintenance:
- Install, configure, and manage security tools and controls required to meet specific compliance objectives, including endpoint protection, vulnerability scanners, and log management systems.
- Conduct proactive system maintenance, policy tuning, and configuration audits to ensure continuous compliance and optimal security performance.
- Design and implement scalable security and compliance roadmaps for start-up clients, ensuring alignment with their business goals, funding requirements, and industry best practices.
- Consult with clients to assess their compliance needs, understand their objectives, and recommend appropriately-sized and innovative solutions or process enhancements.
- Consult with our system engineering and network engineering teams to embed security and compliance controls into the development lifecycle ("security by design").
- Stay current with emerging security threats, compliance framework updates, and technologies relevant to the start-up ecosystem to continuously improve service quality.
- Ensure all security implementations and support activities comply with relevant data protection regulations (e.g., GDPR, CCPA), company policies, and client-specific protocols.
- Lead and track security awareness training campaigns using KnowBe4, including HIPAA, phishing, and general cybersecurity topics.
- Conduct access reviews for various applications and systems, identifying and remediating discrepancies.
Documentation & Reporting:
- Deliver detailed, accurate, and timely reports, including audit readiness assessments, gap analyses, and due diligence findings.
- Manage and prioritize daily tasks using internal tracking systems like Jira and Harvest.
- Maintain clear, audit-ready documentation for security processes, procedures, and evidence of control implementation and effectiveness.
- Develop and customize a complete suite of security policies and procedures for clients, including but not limited to Acceptable Use, Incident Response, and Business Continuity Plans.
- Assist clients in gathering, managing, and presenting evidence to external auditors to ensure a smooth and successful audit process.
- Contribute to the development of project estimates for compliance initiatives, manage the execution of the work, and maintain accountability for project timelines and deliverables.
- Complete security questionnaires and assessments (e.g., CAIQ, StateRAMP, etc.) for clients, requiring in-depth knowledge of policies and technical controls.
- Conduct and document vendor security reviews and due diligence against prospective and existing vendors.
- Manage and track compliance tests and evidence in Vanta, including offboarding tests, general security awareness training records, and personnel monitoring.
Experience & Qualifications:
- Bachelor's degree
- 2+ years of post-collegiate technical experience
- Proven experience in an IT operations, information security, or compliance-focused role.
- Strong understanding of information security frameworks and compliance standards (e.g., SOC 2, NIST, HIPAA).
- Experience with compliance platforms (Vanta, Loopio, etc.) and IT management tools (Okta, Mosyle, Jira, Slack, 1Password, SentinelOne).
- Excellent written and verbal communication skills, with the ability to translate complex technical information into clear, concise documentation and presentations.
- Demonstrated ability to manage multiple tasks and projects simultaneously, prioritize effectively, and meet deadlines.
- Proactive and detail-oriented approach to problem-solving and documentation.
- Adaptable and eager to learn new technologies and processes.
- Experience with vendor management and due diligence.
- Familiarity with various operating systems (macOS, Windows).
- Proven ability to work successfully with limited supervision.
- Ego-less personality with excellent teamwork and communication skills.
- High empathy and bedside manner for end-users.
- Ability to deep-dive into research and find fixes when faced with unfamiliar technical hurdles or blockers.
- Perseverance, resilience, and scrappiness in the face of challenges.
- Ability to work effectively whether on-site, on the go, or remotely.
- Ability to work in varying office cultures and able to blend in and work quietly and discreetly (when needed).
- Must be trustworthy and able to maintain the confidentiality of all sensitive client data (able to sign NDAs as required).
Company Description
Friendly technologists providing tailored solutions for your business. We focus on the tech, so you can focus on success.
We pride ourselves on being a unique organization in today’s technology landscape. Born in 2013 out of a couture home IT support company in Brooklyn, Hi! Tech strategically pivoted into the business-to-business (B2B) client world and grew into a firm capable of taking on large-scale projects. All client experiences over the past 10 years have contributed to our evolution and helped us to become who we are today - a team of consultants who provide boutique, premium IT and technology support to our clients. Our organic growth has come from a strong client base and their referrals, the best testament to the work we do every day.
So who are our clients? They exist in all ends of tech-forward industries, from television and digital media production to health and beauty to e-commerce and retail. We meet our clients where they are, and design and execute fully customizable IT solutions based on the growing needs of their business!
Ways of working within our internal teams are collaborative and conversational, and we prioritize open communication and knowledge sharing. When your people come from as wide-ranging professional backgrounds as ours do, you always have something to learn from one another! Some questions we ask ourselves constantly: How can we do better? How can we make our work excellent? Our team members help push us to get there, and we grow alongside them.
We believe in and are proud of taking care of our people. We offer competitive salaries and a complete benefits package, including generous paid time off, a 401(k) with a company match of up to 4%, medical, dental, and vision insurance with company contributions, life, and long-term disability insurance, commuter and cell phone reimbursements, IncentFit and CitiBike memberships, all paid for by the company.
At Hi! Tech, we are committed to fostering an inclusive and accessible workplace. If you require reasonable accommodations during the application or interview process due to a disability, please contact us. We are excited to work with you to ensure a positive and equitable experience.